veto-sdk 2.2.1 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +933 -57
- package/dist/admin/client.d.ts +93 -0
- package/dist/admin/client.d.ts.map +1 -0
- package/dist/admin/client.js +365 -0
- package/dist/admin/client.js.map +1 -0
- package/dist/admin/types.d.ts +206 -0
- package/dist/admin/types.d.ts.map +1 -0
- package/dist/admin/types.js +2 -0
- package/dist/admin/types.js.map +1 -0
- package/dist/audit/chain.d.ts +13 -0
- package/dist/audit/chain.d.ts.map +1 -0
- package/dist/audit/chain.js +32 -0
- package/dist/audit/chain.js.map +1 -0
- package/dist/browser/types.d.ts +1 -1
- package/dist/browser/types.d.ts.map +1 -1
- package/dist/browser/veto.d.ts.map +1 -1
- package/dist/browser/veto.js +24 -2
- package/dist/browser/veto.js.map +1 -1
- package/dist/cli/compile.d.ts.map +1 -1
- package/dist/cli/compile.js +6 -5
- package/dist/cli/compile.js.map +1 -1
- package/dist/cli/repl-generate.js +1 -1
- package/dist/cli/repl-generate.js.map +1 -1
- package/dist/cli/runner.d.ts.map +1 -1
- package/dist/cli/runner.js +129 -8
- package/dist/cli/runner.js.map +1 -1
- package/dist/cli/templates.d.ts +1 -1
- package/dist/cli/templates.d.ts.map +1 -1
- package/dist/cli/templates.js +1 -1
- package/dist/core/history.d.ts +14 -0
- package/dist/core/history.d.ts.map +1 -1
- package/dist/core/history.js +73 -13
- package/dist/core/history.js.map +1 -1
- package/dist/core/tool-pack-heuristics.d.ts.map +1 -1
- package/dist/core/tool-pack-heuristics.js +33 -0
- package/dist/core/tool-pack-heuristics.js.map +1 -1
- package/dist/core/validator.d.ts +4 -0
- package/dist/core/validator.d.ts.map +1 -1
- package/dist/core/validator.js +119 -97
- package/dist/core/validator.js.map +1 -1
- package/dist/core/veto.d.ts +53 -2
- package/dist/core/veto.d.ts.map +1 -1
- package/dist/core/veto.js +137 -7
- package/dist/core/veto.js.map +1 -1
- package/dist/custom/types.d.ts +1 -1
- package/dist/custom/types.d.ts.map +1 -1
- package/dist/deterministic/types.d.ts +2 -0
- package/dist/deterministic/types.d.ts.map +1 -1
- package/dist/index.d.ts +11 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -1
- package/dist/integrations/langchain/middleware.d.ts +1 -1
- package/dist/integrations/langchain/middleware.js +1 -1
- package/dist/integrations/openclaw/hooks.d.ts +30 -0
- package/dist/integrations/openclaw/hooks.d.ts.map +1 -0
- package/dist/integrations/openclaw/hooks.js +130 -0
- package/dist/integrations/openclaw/hooks.js.map +1 -0
- package/dist/integrations/openclaw/index.d.ts +3 -0
- package/dist/integrations/openclaw/index.d.ts.map +1 -0
- package/dist/integrations/openclaw/index.js +2 -0
- package/dist/integrations/openclaw/index.js.map +1 -0
- package/dist/integrations/vercel-ai/middleware.d.ts +1 -1
- package/dist/integrations/vercel-ai/middleware.js +1 -1
- package/dist/observability/otel.d.ts +29 -0
- package/dist/observability/otel.d.ts.map +1 -0
- package/dist/observability/otel.js +43 -0
- package/dist/observability/otel.js.map +1 -0
- package/dist/proxy/anthropic-interceptor.d.ts +51 -0
- package/dist/proxy/anthropic-interceptor.d.ts.map +1 -0
- package/dist/proxy/anthropic-interceptor.js +132 -0
- package/dist/proxy/anthropic-interceptor.js.map +1 -0
- package/dist/proxy/interceptor.d.ts +55 -0
- package/dist/proxy/interceptor.d.ts.map +1 -0
- package/dist/proxy/interceptor.js +111 -0
- package/dist/proxy/interceptor.js.map +1 -0
- package/dist/proxy/server.d.ts +21 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +545 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/proxy/types.d.ts +18 -0
- package/dist/proxy/types.d.ts.map +1 -0
- package/dist/proxy/types.js +7 -0
- package/dist/proxy/types.js.map +1 -0
- package/dist/rate-limiting/evaluator.d.ts +17 -0
- package/dist/rate-limiting/evaluator.d.ts.map +1 -0
- package/dist/rate-limiting/evaluator.js +48 -0
- package/dist/rate-limiting/evaluator.js.map +1 -0
- package/dist/rate-limiting/redis-store.d.ts +36 -0
- package/dist/rate-limiting/redis-store.d.ts.map +1 -0
- package/dist/rate-limiting/redis-store.js +68 -0
- package/dist/rate-limiting/redis-store.js.map +1 -0
- package/dist/rate-limiting/store.d.ts +8 -0
- package/dist/rate-limiting/store.d.ts.map +1 -0
- package/dist/rate-limiting/store.js +60 -0
- package/dist/rate-limiting/store.js.map +1 -0
- package/dist/rate-limiting/types.d.ts +9 -0
- package/dist/rate-limiting/types.d.ts.map +1 -0
- package/dist/rate-limiting/types.js +2 -0
- package/dist/rate-limiting/types.js.map +1 -0
- package/dist/rules/condition-evaluator.d.ts.map +1 -1
- package/dist/rules/condition-evaluator.js +29 -0
- package/dist/rules/condition-evaluator.js.map +1 -1
- package/dist/rules/loader.d.ts.map +1 -1
- package/dist/rules/loader.js +5 -0
- package/dist/rules/loader.js.map +1 -1
- package/dist/rules/local-evaluator.d.ts.map +1 -1
- package/dist/rules/local-evaluator.js +9 -1
- package/dist/rules/local-evaluator.js.map +1 -1
- package/dist/rules/policy-ir-schema.d.ts +145 -4
- package/dist/rules/policy-ir-schema.d.ts.map +1 -1
- package/dist/rules/policy-ir-schema.js +122 -3
- package/dist/rules/policy-ir-schema.js.map +1 -1
- package/dist/rules/policy-packs.d.ts.map +1 -1
- package/dist/rules/policy-packs.js +1 -0
- package/dist/rules/policy-packs.js.map +1 -1
- package/dist/rules/types.d.ts +29 -2
- package/dist/rules/types.d.ts.map +1 -1
- package/dist/rules/types.js.map +1 -1
- package/dist/testing/runner.d.ts +21 -0
- package/dist/testing/runner.d.ts.map +1 -0
- package/dist/testing/runner.js +239 -0
- package/dist/testing/runner.js.map +1 -0
- package/dist/testing/types.d.ts +39 -0
- package/dist/testing/types.d.ts.map +1 -0
- package/dist/testing/types.js +7 -0
- package/dist/testing/types.js.map +1 -0
- package/dist/types/config.d.ts +1 -0
- package/dist/types/config.d.ts.map +1 -1
- package/dist/types/config.js.map +1 -1
- package/package.json +24 -14
- package/packs/crypto-trading.yaml +320 -0
package/dist/core/history.js
CHANGED
|
@@ -6,6 +6,10 @@
|
|
|
6
6
|
*
|
|
7
7
|
* @module core/history
|
|
8
8
|
*/
|
|
9
|
+
import { mkdirSync, readFileSync, existsSync } from 'node:fs';
|
|
10
|
+
import { appendFile } from 'node:fs/promises';
|
|
11
|
+
import { dirname } from 'node:path';
|
|
12
|
+
import { computeChainHash, GENESIS_HASH } from '../audit/chain.js';
|
|
9
13
|
/**
|
|
10
14
|
* Tracks the history of tool calls for context.
|
|
11
15
|
*/
|
|
@@ -13,9 +17,25 @@ export class HistoryTracker {
|
|
|
13
17
|
entries = [];
|
|
14
18
|
maxSize;
|
|
15
19
|
logger;
|
|
20
|
+
auditLogPath;
|
|
21
|
+
prevHash = GENESIS_HASH;
|
|
22
|
+
pendingWrite = Promise.resolve();
|
|
16
23
|
constructor(options) {
|
|
17
24
|
this.maxSize = options.maxSize;
|
|
18
25
|
this.logger = options.logger;
|
|
26
|
+
if (options.auditLog?.enabled) {
|
|
27
|
+
this.auditLogPath = options.auditLog.path ?? '.veto/audit.log';
|
|
28
|
+
try {
|
|
29
|
+
mkdirSync(dirname(this.auditLogPath), { recursive: true });
|
|
30
|
+
}
|
|
31
|
+
catch {
|
|
32
|
+
// If we can't create the dir, writes will fail and be caught per-record.
|
|
33
|
+
}
|
|
34
|
+
this.prevHash = this.recoverPrevHash();
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
this.auditLogPath = null;
|
|
38
|
+
}
|
|
19
39
|
}
|
|
20
40
|
/**
|
|
21
41
|
* Add an entry to the history.
|
|
@@ -45,6 +65,54 @@ export class HistoryTracker {
|
|
|
45
65
|
decision: snapshotEntry.validationResult.decision,
|
|
46
66
|
historySize: this.entries.length,
|
|
47
67
|
});
|
|
68
|
+
if (this.auditLogPath !== null) {
|
|
69
|
+
this.appendAuditRecord(snapshotEntry);
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
entryToExportRecord(entry) {
|
|
73
|
+
const metadata = entry.validationResult.metadata;
|
|
74
|
+
return {
|
|
75
|
+
timestamp: entry.timestamp.toISOString(),
|
|
76
|
+
tool_name: entry.toolName,
|
|
77
|
+
arguments: entry.arguments,
|
|
78
|
+
policy_version: this.extractMetadataString(metadata, ['policyVersion', 'policy_version']),
|
|
79
|
+
rule_id: this.extractMetadataString(metadata, ['ruleId', 'rule_id']),
|
|
80
|
+
decision: entry.validationResult.decision,
|
|
81
|
+
reason: entry.validationResult.reason ?? null,
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
appendAuditRecord(entry) {
|
|
85
|
+
const record = this.entryToExportRecord(entry);
|
|
86
|
+
const hash = computeChainHash(this.prevHash, record);
|
|
87
|
+
this.prevHash = hash;
|
|
88
|
+
this.pendingWrite = this.pendingWrite.then(() => appendFile(this.auditLogPath, JSON.stringify({ ...record, chain_hash: hash }) + '\n', 'utf-8').catch((err) => {
|
|
89
|
+
this.logger.warn('Audit log write failed — continuing without audit record', {
|
|
90
|
+
error: err instanceof Error ? err.message : String(err),
|
|
91
|
+
path: this.auditLogPath,
|
|
92
|
+
});
|
|
93
|
+
}));
|
|
94
|
+
}
|
|
95
|
+
/** Await all pending audit log writes. Useful in tests and graceful shutdown. */
|
|
96
|
+
async flushAuditLog() {
|
|
97
|
+
await this.pendingWrite;
|
|
98
|
+
}
|
|
99
|
+
recoverPrevHash() {
|
|
100
|
+
if (!this.auditLogPath || !existsSync(this.auditLogPath))
|
|
101
|
+
return GENESIS_HASH;
|
|
102
|
+
try {
|
|
103
|
+
const content = readFileSync(this.auditLogPath, 'utf-8');
|
|
104
|
+
const lines = content.trimEnd().split('\n');
|
|
105
|
+
const lastLine = lines[lines.length - 1];
|
|
106
|
+
if (!lastLine)
|
|
107
|
+
return GENESIS_HASH;
|
|
108
|
+
const parsed = JSON.parse(lastLine);
|
|
109
|
+
if (typeof parsed['chain_hash'] === 'string')
|
|
110
|
+
return parsed['chain_hash'];
|
|
111
|
+
}
|
|
112
|
+
catch {
|
|
113
|
+
// Corrupted or empty file — start fresh
|
|
114
|
+
}
|
|
115
|
+
return GENESIS_HASH;
|
|
48
116
|
}
|
|
49
117
|
/**
|
|
50
118
|
* Record a tool call in the history.
|
|
@@ -179,20 +247,12 @@ export class HistoryTracker {
|
|
|
179
247
|
throw new Error(`Unsupported decision export format: ${String(format)}`);
|
|
180
248
|
}
|
|
181
249
|
toExportRecords() {
|
|
250
|
+
let prevHash = GENESIS_HASH;
|
|
182
251
|
return this.entries.map((entry) => {
|
|
183
|
-
const
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
arguments: entry.arguments,
|
|
188
|
-
policy_version: this.extractMetadataString(metadata, [
|
|
189
|
-
'policyVersion',
|
|
190
|
-
'policy_version',
|
|
191
|
-
]),
|
|
192
|
-
rule_id: this.extractMetadataString(metadata, ['ruleId', 'rule_id']),
|
|
193
|
-
decision: entry.validationResult.decision,
|
|
194
|
-
reason: entry.validationResult.reason ?? null,
|
|
195
|
-
};
|
|
252
|
+
const record = this.entryToExportRecord(entry);
|
|
253
|
+
const hash = computeChainHash(prevHash, record);
|
|
254
|
+
prevHash = hash;
|
|
255
|
+
return { ...record, chain_hash: hash };
|
|
196
256
|
});
|
|
197
257
|
}
|
|
198
258
|
extractMetadataString(metadata, keys) {
|
package/dist/core/history.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/core/history.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;
|
|
1
|
+
{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/core/history.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQpC,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAkBnE;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,OAAO,GAA2B,EAAE,CAAC;IACrC,OAAO,CAAS;IAChB,MAAM,CAAS;IACf,YAAY,CAAgB;IACrC,QAAQ,GAAW,YAAY,CAAC;IAChC,YAAY,GAAkB,OAAO,CAAC,OAAO,EAAE,CAAC;IAExD,YAAY,OAA8B;QACxC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE7B,IAAI,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,iBAAiB,CAAC;YAC/D,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,CAAC;YAAC,MAAM,CAAC;gBACP,yEAAyE;YAC3E,CAAC;YACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,GAAG,CAAC,KAA2B;QAC7B,MAAM,aAAa,GAAyB;YAC1C,GAAG,KAAK;YACR,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC;SAChD,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEjC,8CAA8C;QAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE;oBAC3D,WAAW,EAAE,OAAO,CAAC,QAAQ;oBAC7B,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YACvC,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,QAAQ,EAAE,aAAa,CAAC,gBAAgB,CAAC,QAAQ;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;SACjC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,KAA2B;QACrD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CAAC,QAAQ,CAAC;QACjD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;YACxC,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;YACzF,OAAO,EAAE,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACpE,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,QAAQ;YACzC,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,MAAM,IAAI,IAAI;SAC9C,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,KAA2B;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QAErB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAC9C,UAAU,CACR,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EACtD,OAAO,CACR,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0DAA0D,EAAE;gBAC3E,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,IAAI,EAAE,IAAI,CAAC,YAAY;aACxB,CAAC,CAAC;QACL,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,iFAAiF;IACjF,KAAK,CAAC,aAAa;QACjB,MAAM,IAAI,CAAC,YAAY,CAAC;IAC1B,CAAC;IAEO,eAAe;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC;YAAE,OAAO,YAAY,CAAC;QAC9E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACzD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ;gBAAE,OAAO,YAAY,CAAC;YACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA4B,CAAC;YAC/D,IAAI,OAAO,MAAM,CAAC,YAAY,CAAC,KAAK,QAAQ;gBAAE,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC;QAC5E,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CACJ,QAAgB,EAChB,IAA6B,EAC7B,MAAwB,EACxB,UAAmB;QAEnB,IAAI,CAAC,GAAG,CAAC;YACP,QAAQ;YACR,SAAS,EAAE,IAAI;YACf,gBAAgB,EAAE,MAAM;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,IAA6B;QAClD,MAAM,mBAAmB,GAAG,UAAU,CAAC,eAE1B,CAAC;QAEd,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;YAChE,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAA4B,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,MAAM;QACJ,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,KAAa;QACnB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,QAAgB;QACxB,OAAO,MAAM,CAAC,MAAM,CAClB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAC5D,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,cAAc,CACZ,KAAW,EACX,QAAc,IAAI,IAAI,EAAE;QAExB,OAAO,MAAM,CAAC,MAAM,CAClB,IAAI,CAAC,OAAO,CAAC,MAAM,CACjB,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAChE,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,MAAM,CAAC,MAAM,CAClB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,KAAK,MAAM,CAAC,CAC3E,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,MAAM,UAAU,GAA2B,EAAE,CAAC;QAC9C,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,aAAa,GAAG,CAAC,CAAC;QAEtB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAEnE,QAAQ,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;gBACxC,KAAK,OAAO;oBACV,YAAY,EAAE,CAAC;oBACf,MAAM;gBACR,KAAK,MAAM;oBACT,WAAW,EAAE,CAAC;oBACd,MAAM;gBACR,KAAK,QAAQ;oBACX,aAAa,EAAE,CAAC;oBAChB,MAAM;YACV,CAAC;QACH,CAAC;QAED,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAC/B,YAAY,EAAE,YAAY;YAC1B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,aAAa;YAC5B,WAAW,EAAE,UAAU;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,SAA+B,MAAM;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAEvC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,uCAAuC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IAEO,eAAe;QACrB,IAAI,QAAQ,GAAG,YAAY,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAChD,QAAQ,GAAG,IAAI,CAAC;YAChB,OAAO,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,qBAAqB,CAC3B,QAA6C,EAC7C,IAAc;QAEd,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE5B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC5D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,OAA+B;QAC3C,MAAM,MAAM,GAAG;YACb,WAAW;YACX,WAAW;YACX,WAAW;YACX,gBAAgB;YAChB,SAAS;YACT,UAAU;YACV,QAAQ;SACT,CAAC;QAEF,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;YACnC,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,SAAS;YAChB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC;YAChC,MAAM,CAAC,cAAc,IAAI,EAAE;YAC3B,MAAM,CAAC,OAAO,IAAI,EAAE;YACpB,MAAM,CAAC,QAAQ;YACf,MAAM,CAAC,MAAM,IAAI,EAAE;SACpB,CAAC,CAAC;QAEH,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC;aACrB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACrE,IAAI,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC;IAEO,aAAa,CAAC,KAAa;QACjC,IACE,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;eAChB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;eACnB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;eACpB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EACvB,CAAC;YACD,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;QAC1C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-pack-heuristics.d.ts","sourceRoot":"","sources":["../../src/core/tool-pack-heuristics.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tool-pack-heuristics.d.ts","sourceRoot":"","sources":["../../src/core/tool-pack-heuristics.ts"],"names":[],"mappings":"AAmJA,wBAAgB,iCAAiC,CAC/C,SAAS,EAAE,SAAS,MAAM,EAAE,GAC3B,MAAM,EAAE,CAcV;AAED,wBAAgB,kCAAkC,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAE7E"}
|
|
@@ -1,4 +1,37 @@
|
|
|
1
1
|
const TOOL_PACK_HEURISTICS = [
|
|
2
|
+
{
|
|
3
|
+
patterns: [
|
|
4
|
+
'place_order',
|
|
5
|
+
'create_order',
|
|
6
|
+
'cancel_order',
|
|
7
|
+
'close_position',
|
|
8
|
+
'open_position',
|
|
9
|
+
'change_leverage',
|
|
10
|
+
'set_leverage',
|
|
11
|
+
'get_funding_rate',
|
|
12
|
+
'get_positions',
|
|
13
|
+
'get_orderbook',
|
|
14
|
+
'margin',
|
|
15
|
+
'liquidation',
|
|
16
|
+
'stop_loss',
|
|
17
|
+
'take_profit',
|
|
18
|
+
'futures',
|
|
19
|
+
'spot_trade',
|
|
20
|
+
'limit_order',
|
|
21
|
+
'market_order',
|
|
22
|
+
'leverage',
|
|
23
|
+
'place_bet',
|
|
24
|
+
'buy_shares',
|
|
25
|
+
'buy_outcome',
|
|
26
|
+
'get_markets',
|
|
27
|
+
'get_market_odds',
|
|
28
|
+
'redeem_shares',
|
|
29
|
+
'polymarket',
|
|
30
|
+
'prediction',
|
|
31
|
+
'trading',
|
|
32
|
+
],
|
|
33
|
+
pack: '@veto/crypto-trading',
|
|
34
|
+
},
|
|
2
35
|
{
|
|
3
36
|
patterns: [
|
|
4
37
|
'transfer',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-pack-heuristics.js","sourceRoot":"","sources":["../../src/core/tool-pack-heuristics.ts"],"names":[],"mappings":"AAKA,MAAM,oBAAoB,GAAiC;IACzD;QACE,QAAQ,EAAE;YACR,UAAU;YACV,SAAS;YACT,SAAS;YACT,UAAU;YACV,SAAS;YACT,SAAS;YACT,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,MAAM;YACN,MAAM;YACN,OAAO;YACP,QAAQ;SACT;QACD,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,QAAQ,EAAE;YACR,UAAU;YACV,OAAO;YACP,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,WAAW;YACX,WAAW;YACX,YAAY;YACZ,UAAU;YACV,aAAa;YACb,MAAM;YACN,KAAK;YACL,SAAS;SACV;QACD,IAAI,EAAE,0BAA0B;KACjC;IACD;QACE,QAAQ,EAAE;YACR,OAAO;YACP,KAAK;YACL,UAAU;YACV,QAAQ;YACR,QAAQ;YACR,OAAO;YACP,cAAc;YACd,aAAa;YACb,IAAI;YACJ,YAAY;YACZ,UAAU;YACV,MAAM;YACN,WAAW;SACZ;QACD,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,QAAQ,EAAE;YACR,MAAM;YACN,OAAO;YACP,SAAS;YACT,UAAU;YACV,MAAM;YACN,UAAU;YACV,YAAY;YACZ,WAAW;YACX,WAAW;YACX,aAAa;YACb,OAAO;YACP,MAAM;YACN,QAAQ;SACT;QACD,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,QAAQ,EAAE;YACR,OAAO;YACP,YAAY;YACZ,cAAc;YACd,QAAQ;YACR,KAAK;YACL,OAAO;YACP,SAAS;YACT,MAAM;YACN,cAAc;YACd,MAAM;YACN,OAAO;SACR;QACD,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,QAAQ,EAAE;YACR,QAAQ;YACR,SAAS;YACT,SAAS;YACT,MAAM;YACN,UAAU;YACV,WAAW;YACX,WAAW;YACX,YAAY;YACZ,KAAK;YACL,QAAQ;YACR,MAAM;YACN,OAAO;SACR;QACD,IAAI,EAAE,kBAAkB;KACzB;CACF,CAAC;AAEF,MAAM,UAAU,iCAAiC,CAC/C,SAA4B;IAE5B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE1C,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBACvE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,QAAgB;IACjE,OAAO,iCAAiC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC"}
|
|
1
|
+
{"version":3,"file":"tool-pack-heuristics.js","sourceRoot":"","sources":["../../src/core/tool-pack-heuristics.ts"],"names":[],"mappings":"AAKA,MAAM,oBAAoB,GAAiC;IACzD;QACE,QAAQ,EAAE;YACR,aAAa;YACb,cAAc;YACd,cAAc;YACd,gBAAgB;YAChB,eAAe;YACf,iBAAiB;YACjB,cAAc;YACd,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,QAAQ;YACR,aAAa;YACb,WAAW;YACX,aAAa;YACb,SAAS;YACT,YAAY;YACZ,aAAa;YACb,cAAc;YACd,UAAU;YACV,WAAW;YACX,YAAY;YACZ,aAAa;YACb,aAAa;YACb,iBAAiB;YACjB,eAAe;YACf,YAAY;YACZ,YAAY;YACZ,SAAS;SACV;QACD,IAAI,EAAE,sBAAsB;KAC7B;IACD;QACE,QAAQ,EAAE;YACR,UAAU;YACV,SAAS;YACT,SAAS;YACT,UAAU;YACV,SAAS;YACT,SAAS;YACT,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,MAAM;YACN,MAAM;YACN,OAAO;YACP,QAAQ;SACT;QACD,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,QAAQ,EAAE;YACR,UAAU;YACV,OAAO;YACP,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,WAAW;YACX,WAAW;YACX,YAAY;YACZ,UAAU;YACV,aAAa;YACb,MAAM;YACN,KAAK;YACL,SAAS;SACV;QACD,IAAI,EAAE,0BAA0B;KACjC;IACD;QACE,QAAQ,EAAE;YACR,OAAO;YACP,KAAK;YACL,UAAU;YACV,QAAQ;YACR,QAAQ;YACR,OAAO;YACP,cAAc;YACd,aAAa;YACb,IAAI;YACJ,YAAY;YACZ,UAAU;YACV,MAAM;YACN,WAAW;SACZ;QACD,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,QAAQ,EAAE;YACR,MAAM;YACN,OAAO;YACP,SAAS;YACT,UAAU;YACV,MAAM;YACN,UAAU;YACV,YAAY;YACZ,WAAW;YACX,WAAW;YACX,aAAa;YACb,OAAO;YACP,MAAM;YACN,QAAQ;SACT;QACD,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,QAAQ,EAAE;YACR,OAAO;YACP,YAAY;YACZ,cAAc;YACd,QAAQ;YACR,KAAK;YACL,OAAO;YACP,SAAS;YACT,MAAM;YACN,cAAc;YACd,MAAM;YACN,OAAO;SACR;QACD,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,QAAQ,EAAE;YACR,QAAQ;YACR,SAAS;YACT,SAAS;YACT,MAAM;YACN,UAAU;YACV,WAAW;YACX,WAAW;YACX,YAAY;YACZ,KAAK;YACL,QAAQ;YACR,MAAM;YACN,OAAO;SACR;QACD,IAAI,EAAE,kBAAkB;KACzB;CACF,CAAC;AAEF,MAAM,UAAU,iCAAiC,CAC/C,SAA4B;IAE5B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE1C,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBACvE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,QAAgB;IACjE,OAAO,iCAAiC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC"}
|
package/dist/core/validator.d.ts
CHANGED
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import type { NamedValidator, ValidationContext, ValidationResult, Validator } from '../types/config.js';
|
|
9
9
|
import type { Logger } from '../utils/logger.js';
|
|
10
|
+
import type { VetoTracer } from '../observability/otel.js';
|
|
10
11
|
/**
|
|
11
12
|
* Options for the validation engine.
|
|
12
13
|
*/
|
|
@@ -15,6 +16,8 @@ export interface ValidationEngineOptions {
|
|
|
15
16
|
logger: Logger;
|
|
16
17
|
/** Default decision when no validators match */
|
|
17
18
|
defaultDecision: 'allow' | 'deny' | 'modify';
|
|
19
|
+
/** Optional OpenTelemetry tracer — no-op when null */
|
|
20
|
+
otelTracer?: VetoTracer | null;
|
|
18
21
|
}
|
|
19
22
|
/**
|
|
20
23
|
* Result of running all validators.
|
|
@@ -38,6 +41,7 @@ export declare class ValidationEngine {
|
|
|
38
41
|
private readonly validators;
|
|
39
42
|
private readonly logger;
|
|
40
43
|
private readonly defaultDecision;
|
|
44
|
+
private readonly otelTracer;
|
|
41
45
|
constructor(options: ValidationEngineOptions);
|
|
42
46
|
/**
|
|
43
47
|
* Add a validator to the engine.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,sBAAsB;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,eAAe,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IAC7C,sDAAsD;IACtD,UAAU,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,kDAAkD;IAClD,WAAW,EAAE,gBAAgB,CAAC;IAC9B,yCAAyC;IACzC,gBAAgB,EAAE,KAAK,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,MAAM,EAAE,gBAAgB,CAAC;QACzB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;IACH,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAwB;IACnD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA8B;IAC9D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;gBAEnC,OAAO,EAAE,uBAAuB;IAM5C;;;;OAIG;IACH,YAAY,CAAC,SAAS,EAAE,SAAS,GAAG,cAAc,GAAG,IAAI;IAWzD;;;;OAIG;IACH,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,SAAS,GAAG,cAAc,CAAC,GAAG,IAAI;IAYlE;;;;;OAKG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAUtC;;OAEG;IACH,eAAe,IAAI,IAAI;IAKvB;;OAEG;IACH,aAAa,IAAI,SAAS,cAAc,EAAE;IAI1C;;;;;;;;OAQG;IACG,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAqJ/E;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;OAEG;IACH,OAAO,CAAC,uBAAuB;CAUhC;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,cAAc,CAO3D;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,MAAM,EAAE,EACnB,MAAM,SAAoB,GACzB,cAAc,CAWhB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,MAAM,EAAE,EACnB,MAAM,SAA6B,GAClC,cAAc,CAgBhB"}
|
package/dist/core/validator.js
CHANGED
|
@@ -13,9 +13,11 @@ export class ValidationEngine {
|
|
|
13
13
|
validators = [];
|
|
14
14
|
logger;
|
|
15
15
|
defaultDecision;
|
|
16
|
+
otelTracer;
|
|
16
17
|
constructor(options) {
|
|
17
18
|
this.logger = options.logger;
|
|
18
19
|
this.defaultDecision = options.defaultDecision;
|
|
20
|
+
this.otelTracer = options.otelTracer ?? null;
|
|
19
21
|
}
|
|
20
22
|
/**
|
|
21
23
|
* Add a validator to the engine.
|
|
@@ -86,117 +88,137 @@ export class ValidationEngine {
|
|
|
86
88
|
* @returns Aggregated validation result
|
|
87
89
|
*/
|
|
88
90
|
async validate(context) {
|
|
91
|
+
const span = this.otelTracer?.startSpan('veto.validate') ?? null;
|
|
89
92
|
const startTime = performance.now();
|
|
90
93
|
const validatorResults = [];
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
// If no validators, return default decision
|
|
99
|
-
if (applicableValidators.length === 0) {
|
|
100
|
-
const defaultResult = { decision: this.defaultDecision };
|
|
101
|
-
this.logger.debug('No applicable validators, using default decision', {
|
|
102
|
-
decision: this.defaultDecision,
|
|
94
|
+
try {
|
|
95
|
+
// Get validators that apply to this tool
|
|
96
|
+
const applicableValidators = this.getApplicableValidators(context.toolName);
|
|
97
|
+
this.logger.debug('Starting validation', {
|
|
98
|
+
toolName: context.toolName,
|
|
99
|
+
callId: context.callId,
|
|
100
|
+
validatorCount: applicableValidators.length,
|
|
103
101
|
});
|
|
104
|
-
return
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
}
|
|
110
|
-
let finalResult = { decision: 'allow' };
|
|
111
|
-
let currentContext = context;
|
|
112
|
-
// Run validators in sequence
|
|
113
|
-
for (const validator of applicableValidators) {
|
|
114
|
-
const validatorStart = performance.now();
|
|
115
|
-
try {
|
|
116
|
-
const result = await validator.validate(currentContext);
|
|
117
|
-
const durationMs = performance.now() - validatorStart;
|
|
118
|
-
validatorResults.push({
|
|
119
|
-
validatorName: validator.name,
|
|
120
|
-
result,
|
|
121
|
-
durationMs,
|
|
122
|
-
});
|
|
123
|
-
this.logger.debug('Validator completed', {
|
|
124
|
-
validatorName: validator.name,
|
|
125
|
-
decision: result.decision,
|
|
126
|
-
durationMs: Math.round(durationMs * 100) / 100,
|
|
102
|
+
// If no validators, return default decision
|
|
103
|
+
if (applicableValidators.length === 0) {
|
|
104
|
+
const defaultResult = { decision: this.defaultDecision };
|
|
105
|
+
this.logger.debug('No applicable validators, using default decision', {
|
|
106
|
+
decision: this.defaultDecision,
|
|
127
107
|
});
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
108
|
+
const totalDurationMs = performance.now() - startTime;
|
|
109
|
+
span?.setAttribute('tool.name', context.toolName);
|
|
110
|
+
span?.setAttribute('veto.decision', defaultResult.decision);
|
|
111
|
+
span?.setAttribute('veto.duration_ms', totalDurationMs);
|
|
112
|
+
span?.end();
|
|
113
|
+
return {
|
|
114
|
+
finalResult: defaultResult,
|
|
115
|
+
validatorResults: [],
|
|
116
|
+
totalDurationMs,
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
let finalResult = { decision: 'allow' };
|
|
120
|
+
let currentContext = context;
|
|
121
|
+
// Run validators in sequence
|
|
122
|
+
for (const validator of applicableValidators) {
|
|
123
|
+
const validatorStart = performance.now();
|
|
124
|
+
try {
|
|
125
|
+
const result = await validator.validate(currentContext);
|
|
126
|
+
const durationMs = performance.now() - validatorStart;
|
|
127
|
+
validatorResults.push({
|
|
128
|
+
validatorName: validator.name,
|
|
129
|
+
result,
|
|
130
|
+
durationMs,
|
|
137
131
|
});
|
|
138
|
-
|
|
132
|
+
this.logger.debug('Validator completed', {
|
|
133
|
+
validatorName: validator.name,
|
|
134
|
+
decision: result.decision,
|
|
135
|
+
durationMs: Math.round(durationMs * 100) / 100,
|
|
136
|
+
});
|
|
137
|
+
// Handle different decisions
|
|
138
|
+
if (result.decision === 'deny') {
|
|
139
|
+
// Stop on first denial
|
|
140
|
+
finalResult = result;
|
|
141
|
+
this.logger.info('Tool call denied by validator', {
|
|
142
|
+
toolName: context.toolName,
|
|
143
|
+
callId: context.callId,
|
|
144
|
+
validator: validator.name,
|
|
145
|
+
reason: result.reason,
|
|
146
|
+
});
|
|
147
|
+
break;
|
|
148
|
+
}
|
|
149
|
+
else if (result.decision === 'require_approval') {
|
|
150
|
+
// Stop on approval requirement so callers can route to HITL flows.
|
|
151
|
+
finalResult = result;
|
|
152
|
+
this.logger.info('Tool call requires approval by validator', {
|
|
153
|
+
toolName: context.toolName,
|
|
154
|
+
callId: context.callId,
|
|
155
|
+
validator: validator.name,
|
|
156
|
+
reason: result.reason,
|
|
157
|
+
});
|
|
158
|
+
break;
|
|
159
|
+
}
|
|
160
|
+
else if (result.decision === 'modify' && result.modifiedArguments) {
|
|
161
|
+
// Update context with modified arguments for next validator
|
|
162
|
+
currentContext = {
|
|
163
|
+
...currentContext,
|
|
164
|
+
arguments: result.modifiedArguments,
|
|
165
|
+
};
|
|
166
|
+
finalResult = result;
|
|
167
|
+
}
|
|
168
|
+
else if (result.decision === 'allow') {
|
|
169
|
+
// Continue to next validator
|
|
170
|
+
finalResult = result;
|
|
171
|
+
}
|
|
139
172
|
}
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
this.logger.
|
|
173
|
+
catch (error) {
|
|
174
|
+
const durationMs = performance.now() - validatorStart;
|
|
175
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
176
|
+
this.logger.error('Validator threw an error', {
|
|
177
|
+
validatorName: validator.name,
|
|
144
178
|
toolName: context.toolName,
|
|
145
179
|
callId: context.callId,
|
|
146
|
-
|
|
147
|
-
|
|
180
|
+
}, error instanceof Error ? error : new Error(errorMessage));
|
|
181
|
+
// Treat validator errors as denials for safety
|
|
182
|
+
validatorResults.push({
|
|
183
|
+
validatorName: validator.name,
|
|
184
|
+
result: {
|
|
185
|
+
decision: 'deny',
|
|
186
|
+
reason: `Validator error: ${errorMessage}`,
|
|
187
|
+
},
|
|
188
|
+
durationMs,
|
|
148
189
|
});
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
// Update context with modified arguments for next validator
|
|
153
|
-
currentContext = {
|
|
154
|
-
...currentContext,
|
|
155
|
-
arguments: result.modifiedArguments,
|
|
190
|
+
finalResult = {
|
|
191
|
+
decision: 'deny',
|
|
192
|
+
reason: `Validator "${validator.name}" threw an error: ${errorMessage}`,
|
|
156
193
|
};
|
|
157
|
-
|
|
158
|
-
}
|
|
159
|
-
else if (result.decision === 'allow') {
|
|
160
|
-
// Continue to next validator
|
|
161
|
-
finalResult = result;
|
|
194
|
+
break;
|
|
162
195
|
}
|
|
163
196
|
}
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
result: {
|
|
176
|
-
decision: 'deny',
|
|
177
|
-
reason: `Validator error: ${errorMessage}`,
|
|
178
|
-
},
|
|
179
|
-
durationMs,
|
|
180
|
-
});
|
|
181
|
-
finalResult = {
|
|
182
|
-
decision: 'deny',
|
|
183
|
-
reason: `Validator "${validator.name}" threw an error: ${errorMessage}`,
|
|
184
|
-
};
|
|
185
|
-
break;
|
|
197
|
+
const totalDurationMs = performance.now() - startTime;
|
|
198
|
+
this.logger.debug('Validation complete', {
|
|
199
|
+
toolName: context.toolName,
|
|
200
|
+
callId: context.callId,
|
|
201
|
+
finalDecision: finalResult.decision,
|
|
202
|
+
totalDurationMs: Math.round(totalDurationMs * 100) / 100,
|
|
203
|
+
});
|
|
204
|
+
span?.setAttribute('tool.name', context.toolName);
|
|
205
|
+
span?.setAttribute('veto.decision', finalResult.decision);
|
|
206
|
+
if (finalResult.metadata?.ruleId !== undefined) {
|
|
207
|
+
span?.setAttribute('veto.rule_id', String(finalResult.metadata.ruleId));
|
|
186
208
|
}
|
|
209
|
+
span?.setAttribute('veto.duration_ms', totalDurationMs);
|
|
210
|
+
span?.end();
|
|
211
|
+
return {
|
|
212
|
+
finalResult,
|
|
213
|
+
validatorResults,
|
|
214
|
+
totalDurationMs,
|
|
215
|
+
};
|
|
216
|
+
}
|
|
217
|
+
catch (err) {
|
|
218
|
+
span?.setStatus({ code: 2 }); // SpanStatusCode.ERROR
|
|
219
|
+
span?.end();
|
|
220
|
+
throw err;
|
|
187
221
|
}
|
|
188
|
-
const totalDurationMs = performance.now() - startTime;
|
|
189
|
-
this.logger.debug('Validation complete', {
|
|
190
|
-
toolName: context.toolName,
|
|
191
|
-
callId: context.callId,
|
|
192
|
-
finalDecision: finalResult.decision,
|
|
193
|
-
totalDurationMs: Math.round(totalDurationMs * 100) / 100,
|
|
194
|
-
});
|
|
195
|
-
return {
|
|
196
|
-
finalResult,
|
|
197
|
-
validatorResults,
|
|
198
|
-
totalDurationMs,
|
|
199
|
-
};
|
|
200
222
|
}
|
|
201
223
|
/**
|
|
202
224
|
* Sort validators by priority (lower runs first).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/core/validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAgCxD;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACV,UAAU,GAAqB,EAAE,CAAC;IAClC,MAAM,CAAS;IACf,eAAe,CAA8B;IAC7C,UAAU,CAAoB;IAE/C,YAAY,OAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,SAAqC;QAChD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;YACnC,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACxC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,UAA6C;QACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;YACpC,KAAK,EAAE,UAAU,CAAC,MAAM;YACxB,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACxC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,IAAY;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAChE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA0B;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC;QACjE,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACpC,MAAM,gBAAgB,GAAmD,EAAE,CAAC;QAE5E,IAAI,CAAC;YACH,yCAAyC;YACzC,MAAM,oBAAoB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAE5E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,cAAc,EAAE,oBAAoB,CAAC,MAAM;aAC5C,CAAC,CAAC;YAEH,4CAA4C;YAC5C,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtC,MAAM,aAAa,GAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC3E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;oBACpE,QAAQ,EAAE,IAAI,CAAC,eAAe;iBAC/B,CAAC,CAAC;gBACH,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBACtD,IAAI,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,EAAE,YAAY,CAAC,eAAe,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC5D,IAAI,EAAE,YAAY,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;gBACxD,IAAI,EAAE,GAAG,EAAE,CAAC;gBACZ,OAAO;oBACL,WAAW,EAAE,aAAa;oBAC1B,gBAAgB,EAAE,EAAE;oBACpB,eAAe;iBAChB,CAAC;YACJ,CAAC;YAED,IAAI,WAAW,GAAqB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC1D,IAAI,cAAc,GAAG,OAAO,CAAC;YAE7B,6BAA6B;YAC7B,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;gBAC7C,MAAM,cAAc,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;gBAEzC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACxD,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;oBAEtD,gBAAgB,CAAC,IAAI,CAAC;wBACpB,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,MAAM;wBACN,UAAU;qBACX,CAAC,CAAC;oBAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;wBACvC,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG;qBAC/C,CAAC,CAAC;oBAEH,6BAA6B;oBAC7B,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;wBAC/B,uBAAuB;wBACvB,WAAW,GAAG,MAAM,CAAC;wBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;4BAChD,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,SAAS,EAAE,SAAS,CAAC,IAAI;4BACzB,MAAM,EAAE,MAAM,CAAC,MAAM;yBACtB,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;wBAClD,mEAAmE;wBACnE,WAAW,GAAG,MAAM,CAAC;wBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE;4BAC3D,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,SAAS,EAAE,SAAS,CAAC,IAAI;4BACzB,MAAM,EAAE,MAAM,CAAC,MAAM;yBACtB,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;wBACpE,4DAA4D;wBAC5D,cAAc,GAAG;4BACf,GAAG,cAAc;4BACjB,SAAS,EAAE,MAAM,CAAC,iBAAiB;yBACpC,CAAC;wBACF,WAAW,GAAG,MAAM,CAAC;oBACvB,CAAC;yBAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBACvC,6BAA6B;wBAC7B,WAAW,GAAG,MAAM,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;oBACtD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;oBAE5E,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,0BAA0B,EAC1B;wBACE,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;qBACvB,EACD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,CACzD,CAAC;oBAEF,+CAA+C;oBAC/C,gBAAgB,CAAC,IAAI,CAAC;wBACpB,aAAa,EAAE,SAAS,CAAC,IAAI;wBAC7B,MAAM,EAAE;4BACN,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,oBAAoB,YAAY,EAAE;yBAC3C;wBACD,UAAU;qBACX,CAAC,CAAC;oBAEH,WAAW,GAAG;wBACZ,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,cAAc,SAAS,CAAC,IAAI,qBAAqB,YAAY,EAAE;qBACxE,CAAC;oBACF,MAAM;gBACR,CAAC;YACH,CAAC;YAED,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEtD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,aAAa,EAAE,WAAW,CAAC,QAAQ;gBACnC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG;aACzD,CAAC,CAAC;YAEH,IAAI,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAClD,IAAI,EAAE,YAAY,CAAC,eAAe,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,WAAW,CAAC,QAAQ,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC/C,IAAI,EAAE,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,EAAE,YAAY,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;YACxD,IAAI,EAAE,GAAG,EAAE,CAAC;YAEZ,OAAO;gBACL,WAAW;gBACX,gBAAgB;gBAChB,eAAe;aAChB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,EAAE,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB;YACrD,IAAI,EAAE,GAAG,EAAE,CAAC;YACZ,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,QAAgB;QAC9C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1C,yDAAyD;YACzD,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,2CAA2C;YAC3C,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,IAAI,EAAE,WAAW;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,SAAmB,EACnB,MAAM,GAAG,iBAAiB;IAE1B,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,iBAAiB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACpD,QAAQ,EAAE,CAAC,EAAE,YAAY;QACzB,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACtB,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,GAAG,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE;SACzC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,SAAmB,EACnB,MAAM,GAAG,0BAA0B;IAEnC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IACnC,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,sBAAsB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzD,QAAQ,EAAE,CAAC,EAAE,YAAY;QACzB,QAAQ,EAAE,CAAC,OAAO,EAAE,EAAE;YACpB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,GAAG,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE;aACzC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/core/veto.d.ts
CHANGED
|
@@ -15,11 +15,12 @@ import type { EconomicContext, EconomicDenialDetails, EconomicPolicyConfig, Budg
|
|
|
15
15
|
import type { MCPTool, MCPServerClient, MCPToolResult } from '../providers/types.js';
|
|
16
16
|
import type { RuleSeverity } from '../rules/types.js';
|
|
17
17
|
import type { KernelClient as KernelClientType } from '../kernel/client.js';
|
|
18
|
-
import type { CloudToolRegistration } from '../cloud/types.js';
|
|
18
|
+
import type { ApprovalData, ApprovalPollOptions, CloudToolRegistration } from '../cloud/types.js';
|
|
19
19
|
import { VetoCloudClient } from '../cloud/client.js';
|
|
20
20
|
import { type OutputValidationResult } from './output-validator.js';
|
|
21
21
|
import type { VetoBrowserOptions as SharedVetoBrowserOptions, VetoFromCloudOptions as SharedVetoFromCloudOptions } from '../browser/types.js';
|
|
22
22
|
import { type VetoWebhookEventType } from './events.js';
|
|
23
|
+
import { type VetoTracer } from '../observability/otel.js';
|
|
23
24
|
/**
|
|
24
25
|
* Veto operating mode.
|
|
25
26
|
* - "strict": Block tool calls when validation fails
|
|
@@ -36,6 +37,7 @@ export type VetoMode = 'strict' | 'log' | 'shadow';
|
|
|
36
37
|
* - "cloud": Use Veto Cloud API with approval workflow support
|
|
37
38
|
*/
|
|
38
39
|
export type ValidationMode = 'local' | 'api' | 'kernel' | 'custom' | 'cloud';
|
|
40
|
+
type StartupMode = 'local' | 'cloud' | 'self-hosted' | 'api' | 'kernel' | 'custom';
|
|
39
41
|
/**
|
|
40
42
|
* Wrapped handler function type.
|
|
41
43
|
*/
|
|
@@ -78,6 +80,13 @@ export interface GuardResult {
|
|
|
78
80
|
/** Structured economic denial details (present when economic policy denies) */
|
|
79
81
|
economicDenial?: EconomicDenialDetails;
|
|
80
82
|
}
|
|
83
|
+
export interface VetoRuntimeInfo {
|
|
84
|
+
configDir: string;
|
|
85
|
+
mode: VetoMode;
|
|
86
|
+
validationMode: ValidationMode;
|
|
87
|
+
startupMode: StartupMode;
|
|
88
|
+
cloudReady: boolean;
|
|
89
|
+
}
|
|
81
90
|
/**
|
|
82
91
|
* Parsed veto.config.yaml structure.
|
|
83
92
|
*/
|
|
@@ -153,6 +162,13 @@ interface VetoConfigFile {
|
|
|
153
162
|
};
|
|
154
163
|
/** Economic authorization policy (x402, MPP, AP2 support) */
|
|
155
164
|
economic?: EconomicPolicyConfig;
|
|
165
|
+
/** Tamper-evident append-only audit log configuration */
|
|
166
|
+
audit?: {
|
|
167
|
+
/** Enable the audit log. Defaults to false. */
|
|
168
|
+
enabled?: boolean;
|
|
169
|
+
/** Path for the audit log file. Defaults to .veto/audit.log */
|
|
170
|
+
path?: string;
|
|
171
|
+
};
|
|
156
172
|
}
|
|
157
173
|
/**
|
|
158
174
|
* Options for creating a Veto instance.
|
|
@@ -231,6 +247,29 @@ export interface VetoOptions {
|
|
|
231
247
|
onDecisionMade?: (result: GuardResult & {
|
|
232
248
|
toolName: string;
|
|
233
249
|
}) => void;
|
|
250
|
+
/**
|
|
251
|
+
* OpenTelemetry integration options.
|
|
252
|
+
* Requires @opentelemetry/api as an optional peer dependency.
|
|
253
|
+
* When @opentelemetry/api is not installed, all spans are no-ops.
|
|
254
|
+
*/
|
|
255
|
+
telemetry?: {
|
|
256
|
+
/** Set to false to disable OTEL instrumentation entirely. Defaults to true (auto-detect). */
|
|
257
|
+
enabled?: boolean;
|
|
258
|
+
/** Service name reported to the tracer. Defaults to 'veto-sdk'. */
|
|
259
|
+
serviceName?: string;
|
|
260
|
+
};
|
|
261
|
+
/**
|
|
262
|
+
* Tamper-evident append-only audit log. Each decision is hashed and chained.
|
|
263
|
+
* Verify with `veto audit verify`.
|
|
264
|
+
*/
|
|
265
|
+
audit?: {
|
|
266
|
+
/** Enable the audit log. Defaults to false. */
|
|
267
|
+
enabled?: boolean;
|
|
268
|
+
/** Path for the audit log file. Defaults to .veto/audit.log */
|
|
269
|
+
path?: string;
|
|
270
|
+
};
|
|
271
|
+
/** @internal Pre-resolved tracer injected by init() after async OTEL load. */
|
|
272
|
+
_otelTracer?: VetoTracer | null;
|
|
234
273
|
}
|
|
235
274
|
export type VetoBrowserOptions = SharedVetoBrowserOptions<VetoCloudClient> & {
|
|
236
275
|
budget?: VetoConfigFile['budget'];
|
|
@@ -304,6 +343,7 @@ export declare class Veto {
|
|
|
304
343
|
private readonly browserMode;
|
|
305
344
|
private readonly compiledExpressionCache;
|
|
306
345
|
private refreshIntervalId;
|
|
346
|
+
private otelTracer;
|
|
307
347
|
private constructor();
|
|
308
348
|
/**
|
|
309
349
|
* Initialize Veto by loading configuration and rules.
|
|
@@ -504,7 +544,7 @@ export declare class Veto {
|
|
|
504
544
|
* const wrappedTools = veto.wrap(tools);
|
|
505
545
|
*
|
|
506
546
|
* const agent = createAgent({
|
|
507
|
-
* model: 'openai:gpt-
|
|
547
|
+
* model: 'openai:gpt-5.4',
|
|
508
548
|
* tools: wrappedTools, // Same type as input!
|
|
509
549
|
* });
|
|
510
550
|
* ```
|
|
@@ -565,6 +605,15 @@ export declare class Veto {
|
|
|
565
605
|
* Validate and transform tool output against configured output rules.
|
|
566
606
|
*/
|
|
567
607
|
validateOutput(toolName: string, output: unknown): OutputValidationResult;
|
|
608
|
+
isCloudReady(): boolean;
|
|
609
|
+
getRuntimeInfo(): VetoRuntimeInfo;
|
|
610
|
+
waitForApproval(approvalId: string, options?: ApprovalPollOptions): Promise<ApprovalData>;
|
|
611
|
+
logToolExecution(toolName: string, args: Record<string, unknown>, result: unknown, context?: {
|
|
612
|
+
toolCallId?: string;
|
|
613
|
+
sessionId?: string;
|
|
614
|
+
agentId?: string;
|
|
615
|
+
error?: unknown;
|
|
616
|
+
}): void;
|
|
568
617
|
/**
|
|
569
618
|
* Run a standalone guard check without wrapping or executing a tool.
|
|
570
619
|
*
|
|
@@ -623,6 +672,8 @@ export declare class Veto {
|
|
|
623
672
|
*/
|
|
624
673
|
resetEconomicBudget(scope?: BudgetScope): void;
|
|
625
674
|
dispose(): void;
|
|
675
|
+
/** Await pending async audit log writes. Call before reading the log in tests or on shutdown. */
|
|
676
|
+
flushAuditLog(): Promise<void>;
|
|
626
677
|
}
|
|
627
678
|
export { ToolCallDeniedError };
|
|
628
679
|
export { BudgetExceededError };
|